IN THE CLAIMS
Claim 1. (Currently Amended) An industrial network, comprising:
a local area network; 

one or more programmable logic controllers; and

a security policy implementation point (SPIP) connected between the local area network
and the one or more programmable logic controllers to isolate the one or more programmable
logic controllers and associated factory machines from the local area network to prevent a person
using a management program from accessing the one or more programmable logic controllers
over the local area network unless authenticated to the SPIP and authorized to take action on the
one or more programmable logic controllers protected by the SPIP, the SPIP being configured to
participate in a Virtual Private Network (VPN) such that communications between [illegible]
and with the SPIP over the industrial network occur over a VPN tunnel.

Claim 2. (Previously Presented) The industrial network of claim 1, wherein the SPIP is
integrated with the programmable logic controller and wherein the SPIP is logically connected
between the local area network and the one or more programmable logic controllers.

Claim 3. (Previously Presented) The industrial network of claim 1, wherein the network
contains a plurality of programmable logic controllers, wherein the one or more programmable
logic controllers are a subset of the plurality of programmable logic controllers, and wherein the
SPIP is physically disposed between the local area network and the one or more programmable
logic controllers.

Claim 4. (Original) The industrial network of claim 3, wherein the local area network is an
Ethernet network, wherein the SPIP is configured to communicate with network devices on the
local area network over the Ethernet network, and wherein the SPIP is configured to
communicate with the programmable logic controller using a protocol selected from at least one
of Profibus, Controller Area Network, RS-232, RS-422, and RS-485.

... Ethernet switch/router, and wherein the SPIP is included as a blade in the Ethernet
switch/router.

Claim 6. (Original) The industrial network of claim 5, wherein the SPIP is configured to
implement security policy to control network access to at least one PLC connected to the
Ethernet switch/router through the SPIP.

Claim 7. (Previously Presented) The industrial network of claim 1, wherein the SPIP is further
configured to apply policy to limit access to the programmable logic controllers to individuals
authorized to access the programmable logic controllers and to require authentication on the
SPIP before allowing control instructions to pass from the local area network through the SPIP to
the one or more programmable logic controllers.

Claim 8. (Canceled)

Claim 9. (Original) The industrial network of claim 1, wherein the industrial network is an
untrusted network configured to interconnect network services with a plurality of SPIPs
associated with factory machines, and wherein the network services are configured to enable
operation of the factory machines to be altered through the industrial network.

Claim 10. (Previously Presented) The industrial network of claim 1, wherein the SPIP is further
configured to enable local access to the one or more programmable logic controllers by applying
local authentication and authorization policy to enable the SPIP to enforce network policy in
connection with attempted local access.

Claim 11. (Original) The industrial network of claim 10, wherein the local policy comprises:
a local access policy configured to require authentication and authorization of at least one
of an user and an accessing electronic device for non-emergency attempts to access the SPIP, and
an alternate access policy configured to allow access to the SPIP and maintain an audit
log attendant to a local attempt to access the SPIP.

Claim 12. (Canceled)



Claim 13. (Previously Presented) The industrial network of claim 1, wherein the SPIP
comprises a local authentication policy and information associated with authorized users and
indicative of authorization policy information associated with said at least one factory machine.

Claim 14. (Currently Amended) A Security Policy Implementation Point (SPIP) for use in an
industrial network, comprising:

a local path to implement a local access policy related to direct local access to one or
more programmable logic controllers; and

a network path connected between the industrial network and the one or more
programmable logic controllers to control access to the programmable logic controller via the
industrial network, the network path isolating the one or more programmable logic controllers
and associated factory machines from the industrial network to prevent a person using a
management program from accessing the one or more programmable logic controllers over the
local area network unless authenticated to the SPIP and authorized to take action on the one or
more programmable logic controllers protected by the SPIP, the network path also implementing
a Virtual Private Network such that communications with the SPIP over the industrial network
occur over a VPN tunnel.

Claim 15. (Previously Presented) The SPIP of claim 14, further comprising programmable logic
controller circuitry configured to implement the one or more programmable logic controllers and
to function to control at least one factory machine.

Claim 16. (Previously Presented) The SPIP of claim 15, wherein the local access policy
includes enabling access to an associated factory machine to enable operation of the factory
machine to be altered without verification of authorization and authentication of an user seeking
to alter the operation during an emergency.

Claim 17. (Original) The SPIP of claim 16, wherein the local path further comprises an
accounting module configured to record accesses to at least one of the SPIP, an associated
programmable logic controller, and an associated factory machine.

Claim 18. (Original) The SPIP of claim 15, wherein the local path comprises an authentication
module configured to authenticate the identity of an individual seeking to access a device
through the SPIP, and an authorization module configured to assess an authorization associated
with the individual to ascertain whether the individual is authorized to access the device.

Claim 19. (Original) The SPIP of claim 18, wherein the authorization module is an interface to
a Lightweight Directory Access Protocol (LDAP) server, and wherein the authentication module
is an interface to a Remote Access Dial In User Service (RADIUS) server.

Claim 20. (Original) The SPIP of claim 18, wherein the authentication and authorization
modules maintain a local copy of authorized users and authentication policy to allow local access
to the SPIP.

Claim 21. (Previously Presented) The SPIP of claim 15, wherein the SPIP is configured to
apply policy to limit access to the programmable logic controllers to individuals authorized to
access the programmable logic controllers and to require authentication on the SPIP before
allowing control instructions to pass from the industrial network through the SPIP to the one or
more programmable logic controllers.

Claim 22. (Original) The SPIP of claim 15, further comprising network ports configured to
interface with the industrial network, and output ports configured to interface with a
programmable logic controller.

Claim 23. (Original) The SPIP of claim 22, wherein the network ports are configured to
communicate on the industrial network utilizing an Ethernet protocol; and wherein the output
ports are configured to communicate with the programmable logic controller using a protocol
understandable by the programmable logic controller.

Claim 24. (Original) The SPIP of claim 15, further comprising network ports configured to
interface with the industrial network, control logic configured to implement a control program
associated with a programmable logic controller, and interface ports configured to interface with
a factory machine.

Claim 25. (Original) The SPIP of claim 24, wherein the interface ports comprise at least one
input port configured to receive input from an environmental sensor, and at least one output port
configured to control at least one electro-mechanical device.